CVE-2026-21877 — AI Deep Analysis Summary

🚨 **Essence**: n8n (workflow automation tool) has a critical code injection flaw. 📉 **Consequences**: Attackers can execute malicious code, leading to **full system compromise** (RCE).

🛡️ **Root Cause**: **CWE-94** (Code Injection). The flaw allows authenticated users to inject and execute arbitrary code via the Git node.

📦 **Affected**: **n8n** by n8n-io. Versions **0.121.2 and earlier** are vulnerable. Both self-hosted and Cloud instances are at risk.

💀 **Attacker Capabilities**: With **Low Privileges** (authenticated user), hackers can overwrite critical files and execute untrusted code. Result: **High Impact** on Confidentiality, Integrity, and Availability.

🔓 **Threshold**: **Medium**. Requires **Authentication** (PR:L). No UI interaction needed (UI:N). Network accessible (AV:N).

💣 **Public Exp**: **Yes**. PoCs exist on GitHub (e.g., Ashwesker, ProjectDiscovery Nuclei templates). Wild exploitation is possible.

🔍 **Self-Check**: Scan for n8n versions < 0.121.3. Use Nuclei templates (`CVE-2026-21877.yaml`) to detect the Git node vulnerability.

🩹 **Fix**: **Yes**. Patched in version **1.121.3** (and >= 0.123.0 per some reports, but advisory confirms fix). Check GitHub Security Advisories (GHSA-v364-rw7m-3263).

🚧 **No Patch?**: **Isolate** the instance. Restrict network access to authenticated users only. Disable the **Git node** if possible. Monitor logs for file write anomalies.

⚡ **Urgency**: **CRITICAL**. CVSS Score is **High** (9.8+ implied by H/H/H). Immediate patching to v1.121.3+ is mandatory for all n8n deployments.